[Cryptography] [FORGED] USB hardware token for $2??
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Dec 22 19:24:13 EST 2016
Phillip Hallam-Baker <phill at hallambaker.com> writes:
>Any chance one of these could be used as a low cost HSM? Specifically, the
>use I would have for it would be to provide a second factor for sensitive key
>management operations. I would not store the whole key on the device, just a
>share of the key.
Anything (with a CPU) can be used as a low-cost HSM, the problem isn't the
hardware, it's the software. Take any random ARM-based device (or Atmel, or
MSP430 if you're a masochist) and turn it into an HSM, all the work is in the
software, not the hardware.
It always amuses and/or depresses me to see yet another ARM board on Tindie or
Kickstarter or Indiegogo or whatever, "the world's first/smallest/most
cromulent ARM XYZ" [0], which is exactly the same as every other ARM XYZ
except that it has no software for it.
To generalise this, the problem with almost any consumer-level hardware device
isn't the hardware, it's the software. Hardware is easy, buy it from your
favourite crapvendor, get a locally-made product, clone the manufacturer's
reference design if you really want to DIY, it doesn't matter.
Software, OTOH, is hard.
Peter.
[0] Everything on Kickstarter has to be at least one, possibly more of, the
world's first, smallest, or thinnest. No idea why, it just is.
More information about the cryptography
mailing list